Repository: ambari Updated Branches: refs/heads/trunk 494ae7a15 -> 9d806633e
AMBARI-8627. Allow for service-level Kerberos descriptor to contain multiple services. (Robert Levas via Jaimin Jetly) Project: http://git-wip-us.apache.org/repos/asf/ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/ambari/commit/9d806633 Tree: http://git-wip-us.apache.org/repos/asf/ambari/tree/9d806633 Diff: http://git-wip-us.apache.org/repos/asf/ambari/diff/9d806633 Branch: refs/heads/trunk Commit: 9d806633ebec751a46c196dcb5b5e32a710d54d4 Parents: 494ae7a Author: Jaimin Jetly <[email protected]> Authored: Wed Dec 10 13:07:44 2014 -0800 Committer: Jaimin Jetly <[email protected]> Committed: Wed Dec 10 13:07:54 2014 -0800 ---------------------------------------------------------------------- .../kerberos/AbstractKerberosDescriptor.java | 25 +++- .../KerberosConfigurationDescriptor.java | 24 ++-- .../state/kerberos/KerberosDescriptor.java | 21 ++- .../kerberos/KerberosServiceDescriptor.java | 95 +++++++++++- .../state/kerberos/KerberosDescriptorTest.java | 18 ++- .../kerberos/KerberosServiceDescriptorTest.java | 110 +++++++++++++- .../test/resources/service_level_kerberos.json | 143 +++++++++++++++++++ .../service_level_kerberos_invalid.json | 89 ++++++++++++ 8 files changed, 492 insertions(+), 33 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java index b18e412..cd44fe5 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/AbstractKerberosDescriptor.java @@ -19,6 +19,7 @@ package org.apache.ambari.server.state.kerberos; import com.google.gson.Gson; +import com.google.gson.JsonSyntaxException; import com.google.gson.reflect.TypeToken; import org.apache.ambari.server.AmbariException; @@ -218,6 +219,7 @@ public abstract class AbstractKerberosDescriptor { * @return a Map of the data * @throws FileNotFoundException if the specified File does not point to a valid file * @throws IOException if the specified File is not a readable file + * @throws AmbariException if the specified File does not contain valid JSON data */ protected static Map<String, Object> parseFile(File file) throws IOException { if (file == null) { @@ -225,9 +227,13 @@ public abstract class AbstractKerberosDescriptor { } else if (!file.isFile() || !file.canRead()) { throw new IOException(String.format("%s is not a readable file", file.getAbsolutePath())); } else { - return new Gson().fromJson(new FileReader(file), - new TypeToken<Map<String, Object>>() { - }.getType()); + try { + return new Gson().fromJson(new FileReader(file), + new TypeToken<Map<String, Object>>() { + }.getType()); + } catch (JsonSyntaxException e) { + throw new AmbariException(String.format("Failed to parse JSON-formatted file: %s", file.getAbsolutePath()), e); + } } } @@ -236,14 +242,19 @@ public abstract class AbstractKerberosDescriptor { * * @param json a String containing the JSON-formatted text to parse * @return a Map of the data + * @throws AmbariException if an error occurs while parsing the JSON-formatted String */ - protected static Map<String, Object> parseJSON(String json) { + protected static Map<String, Object> parseJSON(String json) throws AmbariException { if ((json == null) || json.isEmpty()) { return Collections.emptyMap(); } else { - return new Gson().fromJson(json, - new TypeToken<Map<String, Object>>() { - }.getType()); + try { + return new Gson().fromJson(json, + new TypeToken<Map<String, Object>>() { + }.getType()); + } catch (JsonSyntaxException e) { + throw new AmbariException("Failed to parse JSON-formatted string", e); + } } } http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosConfigurationDescriptor.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosConfigurationDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosConfigurationDescriptor.java index 1e33e68..3cdd9908 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosConfigurationDescriptor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosConfigurationDescriptor.java @@ -67,17 +67,19 @@ public class KerberosConfigurationDescriptor extends AbstractKerberosDescriptor if (data != null) { Set<?> keySet = data.keySet(); - // Only a single entry is expected... - Object key = keySet.iterator().next(); - if (key != null) { - Object object = data.get(key); - - setType(key.toString()); - - if (object instanceof Map) { - for (Map.Entry<?, ?> entry : ((Map<?, ?>) object).entrySet()) { - Object value = entry.getValue(); - putProperty(entry.getKey().toString(), (value == null) ? null : value.toString()); + if (!keySet.isEmpty()) { + // Only a single entry is expected... + Object key = keySet.iterator().next(); + if (key != null) { + Object object = data.get(key); + + setType(key.toString()); + + if (object instanceof Map) { + for (Map.Entry<?, ?> entry : ((Map<?, ?>) object).entrySet()) { + Object value = entry.getValue(); + putProperty(entry.getKey().toString(), (value == null) ? null : value.toString()); + } } } } http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java index 14ba19d..0c05859 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosDescriptor.java @@ -17,6 +17,8 @@ */ package org.apache.ambari.server.state.kerberos; +import org.apache.ambari.server.AmbariException; + import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; @@ -102,10 +104,16 @@ public class KerberosDescriptor extends AbstractKerberosDescriptorContainer { * * @param file a File pointing to the file containing JSON-formatted text * @return a newly created KerberosDescriptor - * @throws FileNotFoundException if the file does not point to a readable file + * @throws FileNotFoundException if the specified File does not point to a valid file + * @throws IOException if the specified File is not a readable file + * @throws AmbariException if the specified File does not contain valid JSON data */ public static KerberosDescriptor fromFile(File file) throws IOException { - return new KerberosDescriptor(parseFile(file)); + try { + return new KerberosDescriptor(parseFile(file)); + } catch (AmbariException e) { + throw new AmbariException(String.format("An error occurred processing the JSON-formatted file: %s", file.getAbsolutePath()), e); + } } /** @@ -113,9 +121,14 @@ public class KerberosDescriptor extends AbstractKerberosDescriptorContainer { * * @param json a File pointing to the file containing JSON-formatted text * @return a newly created KerberosDescriptor + * @throws AmbariException if an error occurs while processing the JSON-formatted String */ - public static KerberosDescriptor fromJSON(String json) { - return new KerberosDescriptor(parseJSON(json)); + public static KerberosDescriptor fromJSON(String json) throws AmbariException { + try { + return new KerberosDescriptor(parseJSON(json)); + } catch (AmbariException e) { + throw new AmbariException("An error occurred processing the JSON-formatted string", e); + } } /** http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptor.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptor.java b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptor.java index 12b588c..1f5e94f 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptor.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptor.java @@ -17,6 +17,8 @@ */ package org.apache.ambari.server.state.kerberos; +import org.apache.ambari.server.AmbariException; + import java.io.File; import java.io.FileNotFoundException; import java.io.IOException; @@ -109,15 +111,93 @@ public class KerberosServiceDescriptor extends AbstractKerberosDescriptorContain private Map<String, KerberosComponentDescriptor> components; /** - * Creates a new KerberosServiceDescriptor + * Creates a Collection of KerberosServiceDescriptors parsed from a JSON-formatted file. + * <p/> + * The file is expected to be formatted as follows: + * <pre> + * { + * "services" : [ + * ... (zero or more service descriptor blocks) ... + * ] + * } + * </pre> * - * @param name a String declaring this service's name - * @param file a JSON-formatted file containing this service's descriptor data - * @throws FileNotFoundException if the descriptor file is not found + * @param file a JSON-formatted file containing this service-level descriptor data + * @return an array of KerberosServiceDescriptor objects + * @throws FileNotFoundException if the specified File does not point to a valid file + * @throws IOException if the specified File is not a readable file + * @throws AmbariException if the specified File does not contain valid JSON data + * @see org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor + */ + public static KerberosServiceDescriptor[] fromFile(File file) throws IOException { + try { + return fromMap(parseFile(file)); + } catch (AmbariException e) { + throw new AmbariException(String.format("An error occurred processing the JSON-formatted file: %s", file.getAbsolutePath()), e); + } + } + + /** + * Creates a Collection of KerberosServiceDescriptors parsed from a JSON-formatted String. + * <p/> + * The String is expected to be formatted as follows: + * <pre> + * { + * "services" : [ + * ... (zero or more service descriptor blocks) ... + * ] + * } + * </pre> + * + * @param json a JSON-formatted String containing this service-level descriptor data + * @return an array of KerberosServiceDescriptor objects + * @throws AmbariException if an error occurs while processing the JSON-formatted String * @see org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor */ - public static KerberosServiceDescriptor fromFile(String name, File file) throws IOException { - return new KerberosServiceDescriptor(name, parseFile(file)); + public static KerberosServiceDescriptor[] fromJSON(String json) throws AmbariException { + try { + return fromMap(parseJSON(json)); + } catch (AmbariException e) { + throw new AmbariException("An error occurred processing the JSON-formatted string", e); + } + } + + /** + * Creates a Collection of KerberosServiceDescriptors parsed from a Map of data. + * <p/> + * The Map is expected to be formatted as follows: + * <pre> + * "services" => [ + * ... (zero or more Maps containing service descriptor data) ... + * ] + * </pre> + * + * @param map a Map containing this service-level descriptor data + * @return an array of KerberosServiceDescriptor objects + * @throws org.apache.ambari.server.AmbariException if an error occurs while processing the Map + * @see org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor + */ + public static KerberosServiceDescriptor[] fromMap(Map<String, Object> map) throws AmbariException { + ArrayList<KerberosServiceDescriptor> descriptors = new ArrayList<KerberosServiceDescriptor>(); + + if (map != null) { + Object servicesData = map.get("services"); + + if (servicesData == null) { + throw new AmbariException("Missing top-level \"services\" property in service-level Kerberos descriptor data"); + } else if (servicesData instanceof Collection) { + for (Object serviceData : (Collection) servicesData) { + if (serviceData instanceof Map) { + descriptors.add(new KerberosServiceDescriptor((Map) serviceData)); + } + } + } else { + throw new AmbariException(String.format("Unexpected top-level \"services\" type in service-level Kerberos descriptor data: %s", + servicesData.getClass().getName())); + } + } + + return descriptors.toArray(new KerberosServiceDescriptor[descriptors.size()]); } /** @@ -125,9 +205,10 @@ public class KerberosServiceDescriptor extends AbstractKerberosDescriptorContain * * @param name a String declaring this service's name * @param json a JSON-formatted String containing this service's descriptor data + * @throws AmbariException if an error occurs while parsing the JSON-formatted String * @see org.apache.ambari.server.state.kerberos.KerberosServiceDescriptor */ - public static KerberosServiceDescriptor fromJSON(String name, String json) { + public static KerberosServiceDescriptor fromJSON(String name, String json) throws AmbariException { return new KerberosServiceDescriptor(name, parseJSON(json)); } http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java index e882984..56f1a01 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosDescriptorTest.java @@ -22,6 +22,8 @@ import junit.framework.Assert; import org.apache.ambari.server.AmbariException; import org.junit.Test; +import java.io.File; +import java.net.URL; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -216,7 +218,7 @@ public class KerberosDescriptorTest { Assert.assertEquals("red", configProperties.get("property1")); } - private KerberosDescriptor createFromJSON() { + private KerberosDescriptor createFromJSON() throws AmbariException { return KerberosDescriptor.fromJSON(JSON_VALUE); } @@ -236,7 +238,7 @@ public class KerberosDescriptorTest { } @Test - public void testJSONDeserialize() { + public void testJSONDeserialize() throws AmbariException { validateFromJSON(createFromJSON()); } @@ -245,6 +247,18 @@ public class KerberosDescriptorTest { validateFromMap(createFromMap()); } + @Test + public void testInvalid() { + // Invalid JSON syntax + try { + KerberosServiceDescriptor.fromJSON(JSON_VALUE + "erroneous text"); + Assert.fail("Should have thrown AmbariException."); + } catch (AmbariException e) { + // This is expected + } catch (Throwable t) { + Assert.fail("Should have thrown AmbariException."); + } + } @Test public void testEquals() throws AmbariException { http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java index d905522..9785e54 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/state/kerberos/KerberosServiceDescriptorTest.java @@ -21,6 +21,9 @@ import junit.framework.Assert; import org.apache.ambari.server.AmbariException; import org.junit.Test; +import java.io.File; +import java.io.IOException; +import java.net.URL; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -46,6 +49,46 @@ public class KerberosServiceDescriptorTest { " ]" + "}"; + public static final String JSON_VALUE_SERVICES = + "{ " + + "\"services\" : [" + + "{" + + " \"name\": \"SERVICE_NAME\"," + + " \"identities\": [" + + KerberosIdentityDescriptorTest.JSON_VALUE + + "]," + + " \"components\": [" + + KerberosComponentDescriptorTest.JSON_VALUE + + "]," + + " \"configurations\": [" + + " {" + + " \"service-site\": {" + + " \"service.property1\": \"value1\"," + + " \"service.property2\": \"value2\"" + + " }" + + " }" + + " ]" + + "}," + + "{" + + " \"name\": \"A_DIFFERENT_SERVICE_NAME\"," + + " \"identities\": [" + + KerberosIdentityDescriptorTest.JSON_VALUE + + "]," + + " \"components\": [" + + KerberosComponentDescriptorTest.JSON_VALUE + + "]," + + " \"configurations\": [" + + " {" + + " \"service-site\": {" + + " \"service.property1\": \"value1\"," + + " \"service.property2\": \"value2\"" + + " }" + + " }" + + " ]" + + "}" + + "]" + + "}"; + public static final Map<String, Object> MAP_VALUE = new HashMap<String, Object>() { { @@ -71,6 +114,13 @@ public class KerberosServiceDescriptorTest { } }; + public static void validateFromJSON(KerberosServiceDescriptor[] serviceDescriptors) { + Assert.assertNotNull(serviceDescriptors); + Assert.assertEquals(2, serviceDescriptors.length); + + validateFromJSON(serviceDescriptors[0]); + } + public static void validateFromJSON(KerberosServiceDescriptor serviceDescriptor) { Assert.assertNotNull(serviceDescriptor); Assert.assertTrue(serviceDescriptor.isContainer()); @@ -190,19 +240,75 @@ public class KerberosServiceDescriptorTest { Assert.assertEquals("green", properties.get("service.property")); } - private KerberosServiceDescriptor createFromJSON() { + private KerberosServiceDescriptor createFromJSON() throws AmbariException { return KerberosServiceDescriptor.fromJSON("SERVICE_NAME", JSON_VALUE); } + private KerberosServiceDescriptor[] createMultipleFromJSON() throws AmbariException { + return KerberosServiceDescriptor.fromJSON(JSON_VALUE_SERVICES); + } + private KerberosServiceDescriptor createFromMap() throws AmbariException { return new KerberosServiceDescriptor(MAP_VALUE); } + private KerberosServiceDescriptor[] createFromFile() throws IOException { + URL url = getClass().getClassLoader().getResource("service_level_kerberos.json"); + File file = (url == null) ? null : new File(url.getFile()); + return KerberosServiceDescriptor.fromFile(file); + } + @Test - public void testJSONDeserialize() { + public void testJSONDeserialize() throws AmbariException { validateFromJSON(createFromJSON()); } + @Test + public void testJSONDeserializeMultiple() throws AmbariException { + validateFromJSON(createMultipleFromJSON()); + } + + @Test + public void testInvalid() { + // Invalid JSON syntax + try { + KerberosServiceDescriptor.fromJSON(JSON_VALUE_SERVICES + "erroneous text"); + Assert.fail("Should have thrown AmbariException."); + } catch (AmbariException e) { + // This is expected + } catch (Throwable t) { + Assert.fail("Should have thrown AmbariException."); + } + + // Test missing top-level "services" + try { + KerberosServiceDescriptor.fromJSON(JSON_VALUE); + Assert.fail("Should have thrown AmbariException."); + } catch (AmbariException e) { + // This is expected + } catch (Throwable t) { + Assert.fail("Should have thrown AmbariException."); + } + + // Test missing top-level "services" in file + URL url = getClass().getClassLoader().getResource("service_level_kerberos_invalid.json"); + File file = (url == null) ? null : new File(url.getFile()); + try { + KerberosServiceDescriptor.fromFile(file); + Assert.fail("Should have thrown AmbariException."); + } catch (AmbariException e) { + // This is expected + } catch (Throwable t) { + Assert.fail("Should have thrown AmbariException."); + } + } + + @Test + public void testFileDeserialize() throws IOException { + KerberosServiceDescriptor[] descriptors = createFromFile(); + Assert.assertNotNull(descriptors); + Assert.assertEquals(2, descriptors.length); + } @Test public void testMapDeserialize() throws AmbariException { http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/test/resources/service_level_kerberos.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/resources/service_level_kerberos.json b/ambari-server/src/test/resources/service_level_kerberos.json new file mode 100644 index 0000000..cb76d82 --- /dev/null +++ b/ambari-server/src/test/resources/service_level_kerberos.json @@ -0,0 +1,143 @@ +{ + "services": [ + { + "name": "YARN", + "configurations": [ + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "configuration": "yarn-site/yarn.nodemanager.principal" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "nodemanager_host", + "principal": { + "value": "host/_HOST@${realm}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + } + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "configuration": "yarn-site/yarn.resourcemanager.principal" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "resource_manager_host", + "principal": { + "value": "host/_HOST@${realm}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + } + } + } + ] + } + ] + }, + { + "name": "MAPREDUCE2", + "components": [ + { + "name": "HISTORYSERVER", + "identities": [ + { + "name": "history_server_jhs", + "principal": { + "value": "jhs/_HOST@${realm}", + "configuration": "mapred-site/mapreduce.jobhistory.principal" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "mapred-site/mapreduce.jobhistory.keytab" + } + }, + { + "name": "history_server_host", + "principal": { + "value": "host/_HOST@${realm}" + }, + "keytab": { + "file": "${keytab_dir}/jhs.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + } + } + }, + { + "name": "/spnego" + } + ] + + } + ] + } + ] +} \ No newline at end of file http://git-wip-us.apache.org/repos/asf/ambari/blob/9d806633/ambari-server/src/test/resources/service_level_kerberos_invalid.json ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/resources/service_level_kerberos_invalid.json b/ambari-server/src/test/resources/service_level_kerberos_invalid.json new file mode 100644 index 0000000..c3d55d3 --- /dev/null +++ b/ambari-server/src/test/resources/service_level_kerberos_invalid.json @@ -0,0 +1,89 @@ +{ + "name": "YARN", + "configurations": [ + ], + "components": [ + { + "name": "NODEMANAGER", + "identities": [ + { + "name": "nodemanager_nm", + "principal": { + "value": "nm/_HOST@${realm}", + "configuration": "yarn-site/yarn.nodemanager.principal" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.nodemanager.keytab" + } + }, + { + "name": "nodemanager_host", + "principal": { + "value": "host/_HOST@${realm}" + }, + "keytab": { + "file": "${keytab_dir}/nm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + } + } + } + ] + }, + { + "name": "RESOURCEMANAGER", + "identities": [ + { + "name": "resource_manager_rm", + "principal": { + "value": "rm/_HOST@${realm}", + "configuration": "yarn-site/yarn.resourcemanager.principal" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + }, + "configuration": "yarn-site/yarn.resourcemanager.keytab" + } + }, + { + "name": "resource_manager_host", + "principal": { + "value": "host/_HOST@${realm}" + }, + "keytab": { + "file": "${keytab_dir}/rm.service.keytab", + "owner": { + "name": "${hadoop-env/hdfs_user}", + "access": "r" + }, + "group": { + "name": "${cluster-env/user_group}", + "access": "" + } + } + } + ] + } + ] +} \ No newline at end of file
